Route Origin Authorization

$ rpki-client -vvf dev.tw/rpki/AS945/1/326131323a646434373a383035303a3a2f34342d3438203d3e20323131323333.roa
File:                     326131323a646434373a383035303a3a2f34342d3438203d3e20323131323333.roa (raw, json)
Hash identifier:          K2h9rxcH8zBXPM9MHpaHcyUy+VeZQLyT6hsCI68imSk=
Subject key identifier:   EB:5A:7B:E9:5A:ED:BA:2B:84:95:78:60:D0:FD:67:35:DC:6B:A0:1B
Certificate issuer:       /CN=12962028A181E758B8990A6CA4F04A998A69311E
Certificate serial:       6CCF5DD4CAFB7AE907FDF079DD4B48A2B34A25C7
Authority key identifier: 12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E
Authority info access:    rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
Subject info access:      rsync://dev.tw/rpki/AS945/1/326131323a646434373a383035303a3a2f34342d3438203d3e20323131323333.roa
Signing time:             Fri 11 Oct 2024 10:04:11 +0000
ROA not before:           Fri 11 Oct 2024 09:59:11 +0000
ROA not after:            Fri 10 Oct 2025 10:04:11 +0000
asID:                     211233
IP address blocks:        2a12:dd47:8050::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl
                          rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.mft
                          rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 01:13:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:cf:5d:d4:ca:fb:7a:e9:07:fd:f0:79:dd:4b:48:a2:b3:4a:25:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12962028A181E758B8990A6CA4F04A998A69311E
        Validity
            Not Before: Oct 11 09:59:11 2024 GMT
            Not After : Oct 10 10:04:11 2025 GMT
        Subject: CN=EB5A7BE95AEDBA2B84957860D0FD6735DC6BA01B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:b2:96:59:ff:3b:a5:ae:ac:50:6b:97:87:72:
                    8e:d3:88:16:69:7c:5e:82:2e:80:7d:d0:23:8f:9d:
                    41:00:50:60:c9:78:7f:0f:44:84:3b:ce:c8:83:9e:
                    79:a3:d8:60:b6:4a:44:2e:3d:9b:02:11:16:c6:ae:
                    18:ec:fb:0a:99:57:f0:67:b5:01:21:49:f8:28:b0:
                    31:62:b7:78:b5:08:5e:e5:fc:5c:45:da:47:d6:71:
                    32:ca:c5:bc:1b:1a:b4:c5:df:20:fb:30:49:94:a9:
                    e4:42:2d:52:30:5d:df:6d:98:73:2c:55:9b:ee:50:
                    3f:3f:8a:2b:24:e0:35:52:ca:76:ae:ff:47:d7:c5:
                    fe:d2:1e:71:a6:8b:84:8a:df:66:4c:e6:58:c7:b8:
                    c2:73:74:30:5d:a6:ff:02:c1:b3:f2:1f:69:95:bd:
                    fa:9e:2c:e7:6f:6c:a7:b8:84:63:f8:48:ac:63:c0:
                    d5:46:1b:8d:f5:29:94:8b:89:72:b9:6e:8b:83:ce:
                    77:76:1e:fe:e5:06:52:c7:0e:3a:f4:2f:8b:b7:3c:
                    6e:b8:c6:7f:26:c7:14:8d:01:79:54:e2:d7:95:a3:
                    34:61:ec:58:82:41:61:08:fe:7e:ca:11:ba:a4:8d:
                    7b:14:ac:6c:fc:91:e9:87:59:84:49:c4:68:7d:6f:
                    07:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:5A:7B:E9:5A:ED:BA:2B:84:95:78:60:D0:FD:67:35:DC:6B:A0:1B
            X509v3 Authority Key Identifier:
                keyid:12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer

            Subject Information Access:
                Signed Object - URI:rsync://dev.tw/rpki/AS945/1/326131323a646434373a383035303a3a2f34342d3438203d3e20323131323333.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:8050::/44

    Signature Algorithm: sha256WithRSAEncryption
         3c:72:89:da:23:7f:a4:35:1d:24:d8:40:86:33:80:19:da:d0:
         9d:5a:07:ab:a8:56:4e:05:2a:a1:48:9b:14:e6:06:f4:7c:d6:
         45:c9:6d:20:33:f1:ba:76:ca:51:ee:e6:d7:2e:8e:31:ac:11:
         b7:c8:2f:d7:f1:00:94:22:01:e0:d9:c4:e9:06:96:95:80:1a:
         ab:26:dd:a5:73:6e:b1:67:a7:f7:32:9d:8d:fd:1e:62:f3:d7:
         6b:f8:0c:e3:47:8a:f2:70:55:8e:66:67:83:0d:d1:03:38:a6:
         76:a3:34:75:da:d1:2e:ef:9e:f1:60:1d:27:42:a5:1b:10:1f:
         b8:07:94:a7:97:56:ae:56:da:88:b4:a8:76:3f:c7:3b:b3:c5:
         9d:a9:b3:22:83:b5:fb:3d:81:78:55:2d:4f:6c:03:1f:ad:37:
         82:02:85:1c:d5:58:0c:8c:66:09:b5:2f:2d:7a:7c:99:bb:c6:
         d3:f0:46:44:af:1d:9e:a8:cd:04:b9:12:cf:45:66:d9:f7:80:
         f6:e5:99:70:d2:3f:89:8f:f8:2a:da:9e:a6:5e:af:12:b8:73:
         b7:a7:5d:a8:af:1a:2b:5e:23:2b:ab:5c:27:86:cc:64:87:3c:
         9e:26:1a:5b:78:6d:23:74:56:21:b9:fd:97:82:e5:bf:ee:1b:
         da:5c:a5:b1
-----BEGIN CERTIFICATE-----
MIIEyDCCA7CgAwIBAgIUbM9d1Mr7eukH/fB53UtIorNKJccwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4
QTY5MzExRTAeFw0yNDEwMTEwOTU5MTFaFw0yNTEwMTAxMDA0MTFaMDMxMTAvBgNV
BAMTKEVCNUE3QkU5NUFFREJBMkI4NDk1Nzg2MEQwRkQ2NzM1REM2QkEwMUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0spZZ/zulrqxQa5eHco7TiBZp
fF6CLoB90COPnUEAUGDJeH8PRIQ7zsiDnnmj2GC2SkQuPZsCERbGrhjs+wqZV/Bn
tQEhSfgosDFit3i1CF7l/FxF2kfWcTLKxbwbGrTF3yD7MEmUqeRCLVIwXd9tmHMs
VZvuUD8/iisk4DVSynau/0fXxf7SHnGmi4SK32ZM5ljHuMJzdDBdpv8CwbPyH2mV
vfqeLOdvbKe4hGP4SKxjwNVGG431KZSLiXK5bouDznd2Hv7lBlLHDjr0L4u3PG64
xn8mxxSNAXlU4teVozRh7FiCQWEI/n7KEbqkjXsUrGz8kemHWYRJxGh9bwd9AgMB
AAGjggHSMIIBzjAdBgNVHQ4EFgQU61p76VrtuiuElXhg0P1nNdxroBswHwYDVR0j
BBgwFoAUEpYgKKGB51i4mQpspPBKmYppMR4wDgYDVR0PAQH/BAQDAgeAMFkGA1Ud
HwRSMFAwTqBMoEqGSHJzeW5jOi8vZGV2LnR3L3Jwa2kvQVM5NDUvMS8xMjk2MjAy
OEExODFFNzU4Qjg5OTBBNkNBNEYwNEE5OThBNjkzMTFFLmNybDBlBggrBgEFBQcB
AQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vZGV2LnR3L3Jwa2kvQXVndXN0LzUv
MTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4QTY5MzExRS5jZXIwfAYI
KwYBBQUHAQsEcDBuMGwGCCsGAQUFBzALhmByc3luYzovL2Rldi50dy9ycGtpL0FT
OTQ1LzEvMzI2MTMxMzIzYTY0NjQzNDM3M2EzODMwMzUzMDNhM2EyZjM0MzQyZDM0
MzgyMDNkM2UyMDMyMzEzMTMyMzMzMy5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEF
BQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCoS3UeAUDANBgkqhkiG
9w0BAQsFAAOCAQEAPHKJ2iN/pDUdJNhAhjOAGdrQnVoHq6hWTgUqoUibFOYG9HzW
RcltIDPxunbKUe7m1y6OMawRt8gv1/EAlCIB4NnE6QaWlYAaqybdpXNusWen9zKd
jf0eYvPXa/gM40eK8nBVjmZngw3RAzimdqM0ddrRLu+e8WAdJ0KlGxAfuAeUp5dW
rlbaiLSodj/HO7PFnamzIoO1+z2BeFUtT2wDH603ggKFHNVYDIxmCbUvLXp8mbvG
0/BGRK8dnqjNBLkSz0Vm2feA9uWZcNI/iY/4Ktqepl6vErhzt6ddqK8aK14jK6tc
J4bMZIc8niYaW3htI3RWIbn9l4Llv+4b2lylsQ==
-----END CERTIFICATE-----
Generated at Mon Nov 25 07:13:30 2024 by rpki-client on console-fra.rpki-client.org